All news
Dr.Web products
Dr.Web AV-Desk
Dr.Web beta versions news
Updates of virus database
Virus alerts
Virus reviews
Real-time threats news
Promotions
Corporate news

Sign up

RSS-feeds

Information
Myths about Dr.Web
About viruses

Resources
Press center
For web-site owners

Buy
Buy from partners
Anti-virus As a Service
Buy online
License center
Contact sales

Cross-platform Trojan controls Windows and Mac machines

July 25, 2012

Russian anti-virus company Doctor Web is warning users about a dangerous cross-platform Trojan horse that provides criminals with full control over infected machines and can render a system non-operational. The malicious application, dubbed BackDoor.DaVinci.1, runs both in Windows and Mac OS X. Notably, the version for Mac OS X for the first time features rootkit technologies to hide the Trojan's processes and files.

BackDoor.DaVinci.1 is developed and sold by HackingTeam which has been in business since 2003. This malicious program is a multi-component backdoor that includes a large number of functional modules, such as drivers that use rootkit technologies, to hide the application in an operating system.

BackDoor.DaVinci.1 is spread as the AdobeFlashPlayer.jar file, signed using an invalid digital certificate. On July 23 a user sent this signed applet to Doctor Web for analysis.

screen

The file determines the OS type and saves and launches an infected application in the compromised system—currently, Doctor Web's virus analysts have Trojan samples intended for Windows and Mac OS X. It is known that a version targeting mobile platforms also exists.

screen

The malware features a modular architecture: the main backdoor component is supplemented with an encrypted configuration file and rootkit drivers. These drivers enable the malicious application to hide its presence. All Trojan versions use the same configuration file containing the modules' settings.

screen

BackDoor.DaVinci.1 allows criminals to gain full control over an infected computer. In addition, the Trojan saves and transmits information about the infected machine to criminals, acts as a key logger, can take screenshots, and intercept e-mail, ICQ, Skype messages and data captured by a microphone or video camera connected to a computer. In addition, the backdoor has a large set of tools to bypass anti-virus software and firewalls, so it may run unnoticed in a system for a long time. Interestingly, BackDoor.DaVinci.1 for Mac OS X is the first instance of malware for the platform that uses rootkit technologies to hide its files and processes.

HackingTeam criminals call their brainchild a 21st-century weapon and sell BackDoor.DaVinci.1 as a remote control and espionage solution. The Trojan poses a serious threat to users, because it not only intercepts any information on the infected computer but also gives criminals full control over a compromised system, so that they can render it non-operational, for example, by damaging or removing its components.

Despite BackDoor.DaVinci.1 developers' claims that this malicious application can withstand any modern anti-virus program, Dr.Web for Windows and Dr.Web for Mac OS X detect and successfully remove BackDoor.DaVinci.1; therefore, Dr.Web users are well protected against this threat.

Back to news
Company | News&Events | Send a virus | Online scanner | Privacy policy | Site map
[Google+] [Blog Dr.Web] [You Tube] [Twitter] [Facebook]
Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown. Doctor Web was the first company to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.


Rambler 100